pyinstaller/PyInstaller/bootloader/Windows-32bit/runw.exe - Virustotal rating 11/60 #2501

Closed
AndrewUshakov opened this Issue Mar 13, 2017 · 5 comments

AndrewUshakov commented Mar 13, 2017

I was informed by our corporate IT that:

Our bit9 database has detected a file runw.exe as malicious on the server - XXX\XXXXX
File path:: x:\xxxxxxx\xxxxxxxxxxx\my documents\pyinstaller\pyinstaller\bootloader\windows-32bit\
Please delete this file as soon as possible.

I checked this file using virustotal.com and the result is 10/60, which is rather big:

| Antivirus | Result | Update |
| --- | --- | --- |
| AegisLab | Troj.Gen!c | 20170313 |
| Antiy-AVL | Trojan[Dropper]/Win32.Sysn | 20170313 |
| Jiangmin | Trojan.Agent.asnd | 20170313 |
| K7AntiVirus | Trojan ( 00506e781 ) | 20170313 |
| K7GW | Trojan ( 00506e781 ) | 20170313 |
| NANO-Antivirus | Trojan.Win32.Agent.elyxeb | 20170313 |
| Palo Alto Networks (Known Signatures) | Virus/Win32.WGeneric.lldkv | 20170313 |
| Rising | Malware.Generic.5!tfe (cloud:4VPvg98eQbI) | 20170313 |
| TheHacker | Trojan/Agent.am | 20170311 |
| Zillya | Dropper.Sysn.Win32.5954 | 20170310 |

I understand that this is a 'false positive', but I am sure that it is very desirable to have an absolutely clean rating of 0/70.

Thank you in advance.

ghost commented Mar 13, 2017

I ran into this problem a while ago, but MS appears to have fixed it for Windows Defender. I don't know what the answer is; the code is open source for everyone to see. If you have any suggestions, please let us know. Otherwise, nothing is likely to happen.

ghost commented Mar 13, 2017

I looked on Carbon's web site and was unable to find a contact link that I could use. My suggestion is that since you are a paying customer, you can contact them about this false positive.

AndrewUshakov commented Mar 13, 2017

Thank you. I already asked our corporate IT to send this file, with information about where it is possible to find its source code, to "our" antivirus company.

Member

htgoebel commented Mar 13, 2017

Please contact your anti-virus vendor. There is nothing we can do about this false positive.

If your anti-virus vendor considers one of the files included in the PyInstaller distribution or a file generated by PyInstaller to be malicious, there is nothing we can do about this. Even if we'd change our code, they'd change their pattern and the race starts again.

See this mailing-list thread and other tickets for this topic.

@htgoebel htgoebel closed this Mar 13, 2017

@htgoebel htgoebel added the invalid label Mar 13, 2017

@pyinstaller pyinstaller locked as resolved and limited conversation to collaborators Jan 27, 2018
